CVE-2005-3208

aenovo - SQL Injection via Password Parameter in control.asp

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3208. PoCs published by farhad koosha.

AI-analyzed exploit summary: This is a proof-of-concept for an SQL injection vulnerability in Aenovo, aeNovoShop, and aeNovoWYSI applications. The exploit demonstrates a login bypass by injecting malicious SQL input into the password field of a login form.

Description

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.

Exploits (2)

exploitdb WORKING POC VERIFIED
by farhad koosha · html · webapps · asp
https://www.exploit-db.com/exploits/26333

This is a proof-of-concept for an SQL injection vulnerability in Aenovo, aeNovoShop, and aeNovoWYSI applications. The exploit demonstrates a login bypass by injecting malicious SQL input into the password field of a login form.

Classification: Working PoC (80%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Aenovo, aeNovoShop, aeNovoWYSI
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by farhad koosha · text · webapps · asp
https://www.exploit-db.com/exploits/26334

The provided text describes SQL injection vulnerabilities in Aenovo, aeNovoShop, and aeNovoWYSI applications due to improper input sanitization. It includes an example URL demonstrating how an attacker could exploit the vulnerability to retrieve administrator credentials.

Classification: Writeup (80%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Aenovo, aeNovoShop, aeNovoWYSI
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17117/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/19936
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15036
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112872593432359&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22553
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22551
Exploit, Vendor Advisory x_refsource_misc
http://www.kapda.ir/advisory-78.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15038
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22547
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/19937

Scores

EPSS 0.0215
EPSS Percentile 79.8%

Details

Status published
Products (3)
aenovo/aenovo
aenovo/aenovoshop
aenovo/aenovowysi
Published Oct 14, 2005
Tracked Since Feb 18, 2026